netbsd-help: Re: IPNAT needs IPF?

Subject: Re: IPNAT needs IPF?
To: Olli <oliverko@dialup.nacamar.de>
From: Jim Wise <jwise@unicast.com>
List: netbsd-help
Date: 02/14/1999 22:32:44

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 11 Feb 1999, Olli wrote:

>For IPF on NetBSD-1.3.2 I have to recompile the kernel (options IPF)?
>A config-file is necessary :
>
># /etc/ipf.conf
>block out on ppp0 from 192.168.1.0/24 to any
>block in on ppp0 from any to 192.168.1.0/24
>
>MY this be right?

Note that if you prefer, you can use the `pass-filter' option to ppp in
lieu of using ipf on ppp0.  For example, my /etc/ppp/options has:

pass-filter '
        !(inbound && src net 192.168.0.0 mask 255.255.255.0) &&
        !(inbound && src net 127.0.0.0 mask 255.0.0.0)
        '

Although I can't speak for the relative performance of this and ipf.

I have IPF and IPNAT turned on in my kernel config, and have:

ipfilter=NO                                     # uses /etc/ipf.conf
ipnat=YES                                       # uses /etc/ipnat.conf
ipmon=YES               ipmon_flags="-s"        # syslog ipfilter
messages

in /etc/rc.conf.  Hope this helps...

- -- 
				Jim Wise
				jwise@unicast.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQEVAwUBNseVY4kLDoBfn5jPAQHwwAf/ez8SuPjmcEBpi6XquNuQglCfIAafVyud
lEXC88fDyrMSz0a2Qq4Si7i1dts/2qLTq5xTy/Q0jRZcrlO/j5Ggb5R+9wPFByGZ
aX3PjwLJeJKeBpqgWRb7YD2KoaSDfUL/Oj4vL99xk0n1mNWUeRfOKKIJj3PL23RX
pq+IrB+LSFLXVXjDSp1M3ZQLAb/bvCqaFK+jVn0zaKy5ubtvMS2Fde0rW2k7CcJ3
dnLRBvGXb2aqSr5fHJ/IhH/BiorAEhnvnVm3S1+63/jiUpzUJpwTv5/CE8s5Wjwh
SJB27UVSnRCaxUfvmdjdkSA161sU3mz/MkSJnIZttiyKZ0dwavIKrg==
=FYvM
-----END PGP SIGNATURE-----